Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Cloud+ > 231-240 > Flashcards

231-240 Flashcards

1
Q

A company is using an IaaS environment. Which of the following licensing models would BEST suit the organization from a financial perspective to implement scaling?

A. Subscription
B. Volume-based
C. Per user
D. Socket-based

A

D. Socket-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A cloud security engineer needs to ensure authentication to the cloud provider console is secure. Which of the following would BEST achieve this objective?

A. Require the user’s source IP to be an RFC1918 address
B. Require the password to contain uppercase letters, lowercase letters, numbers, and symbols
C. Require the use of a password and a physical token.
D. Require the password to be ten characters long

A

C. Require the use of a password and a physical token.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A cloud administrator has deployed a website and needs to improve the site security to meet requirements. The website architecture is designed to have a DBaaS in the back end and autoscaling instances in the front end using a load balancer to distribute the request. Which of the following will the cloud administrator MOST likely use?

A. An API gateway
B. An IPS/IDS
C. A reverse proxy
D. A WAF

A

D. A WAF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An administrator manages a file server that has a lot of users accessing and creating many files. As a result, the storage consumption is growing quickly. Which of the following would BEST control storage usage?

A. Compression
B. File permissions
C. User quotas
D. Access policies

A

C. User quotas

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A systems administrator is writing a script for provisioning nodes in the environment. Which of the following would be BEST for the administrator to use to provision the authentication credentials to the script?

A. password=’curl https://10.2.3.4/api/sytemops?op=provision’
B. password=$env_password
C. password=$(cat /opt/app/credentials)
D. password=”MyS3cretP4sswordIsVeryL0ng”

A

C. password=$(cat /opt/app/credentials)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A cloud administrator is configuring several security appliances hosted in the private IaaS environment to forward the logs to a central log aggregation solution using syslog. Which of the following firewall rules should the administrator add to allow the web servers to connect to the central log collector?

A. Allow UDP 161 outbound from the web servers to the log collector
B. Allow TCP 514 outbound from the web servers to the log collector
C. Allow UDP 161 inbound from the log collector to the web servers
D. Allow TCP 514 inbound from the log collector to the web servers

A

B. Allow TCP 514 outbound from the web servers to the log collector

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company has two identical environments (X and Y) running its core business application. As part of an upgrade, the X environment is patched/upgraded and tested while the Y environment is still serving the consumer workloads. Upon successful testing of the X environment, all workload is sent to this environment, and the Y environment is then upgraded before both environments start to manage the workloads. Which of the following upgrade methods is being used?

A. Active-passive
B. Canary
C. Development/production
D. Blue-green

A

D. Blue-green

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A systems administrator received an email from a cloud provider stating that storage is 80% full on the volume that stores VDI desktops. Which of the following is the MOST efficient way to mitigate the situation?

A. Deduplication
B. Compression
C. Replication
D. Storage migration

A

D. Storage migration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

During a security incident, an IaaS compute instance is detected to send traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?

A. Isolate the instance from the network into quarantine
B. Perform a memory acquisition in the affected instance
C. Create a snapshot of the volumes attached to the instance
D. Replace the instance with another from the baseline

A

C. Create a snapshot of the volumes attached to the instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A cloud administrator is responsible for managing a VDI environment that provides end users with access to limited applications. Which of the following should the administrator make changes to when a new application needs to be provided?

A. Application security policy
B. Application whitelisting policy
C. Application hardening policy
D. Application testing policy

A

B. Application whitelisting policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Cloud+ (32 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions